Identity v3 (Powered by Auth0)

Tip

This feature is supported for Aspenware Cloud customers.

Warning

This feature is not supported for resorts using Siriusware.

Key Terms

Actions

Secure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. Actions are used to customize and extend Auth0's capabilities with custom logic.

Applications

Software that relies on Auth0 for authentication and identity management. Auth0 supports single-page, regular web, native, and machine-to-machine applications.

Biometrics

Authentication process that allows the user to leverage FaceID or Fingerprint scanning.

Connection

Relationship between Auth0 and the sources of users for your applications. Examples include identity providers (such as Google or Active Directory), passwordless authentication methods, or user databases.

Custom Domain

Third-party domain with a specialized, or vanity, name. Also known as a CNAME.

Organizations

Auth0 product that allows B2B customers to categorize end-users and define specific roles, login experience, and access to resources.

Tenants

A logically-isolated group of users who share common access with specific privileges to a single software instance.

Identity v3 (Powered by Auth0)

Aspenware Identity v3 - Powered by Auth0 marks a significant leap forward in secure, reliable, and modern identity features for our valued customers. In addition to the basic login & sign-up features, this product includes customer matching logic that will help reduce duplicate customers and account for any merging of customers in RTP.

As part of Aspenware’s ongoing commitment to safety and efficiency when rolling out new products and features, we will closely monitor and evaluate data in Auth0 and in Google Analytics. This ensures smooth operations and a seamless experience for all stakeholders. 

However, this is just the beginning. In 2024, we plan to make massive inroads into numerous other Auth0-supported features like Passwordless and Social Sign-in to reduce any friction at login or signup.

What is Auth0?

Auth0 is an identity and access management (IAM) provider. An IAM solution is a gatekeeper to the resources you provide to customers as web applications, APIs, etc., adding layers of authentication to secure your users’ digital identities and your product. The Auth0 identity platform supports regular web, mobile, or machine-to-machine apps.

The Identity v3 (Powered by Auth0) identity platform allows Aspenware to customize login services to fit your business, technology, and customer base.

Why Auth0?

  • Best-in-class identity and access management platform

  • Secure platform

  • Ability to easily extend into SSO, social, biometrics, MFA, and passwordless, which has been proven to increase conversion rates

  • Quick onboarding experience for customers.

Product Features

Sign in & Create Account

Your guests can utilize a standard login & create account flow using an email and password. The guest will be required to remember these credentials every season unless they decide to switch to other methods such as passwordless, which will be available in an upcoming release.

Customer Matching

Guests that sign in create a user account. The user account is mapped to a customer in the point of sale (POS). It's vital to limit duplicate customer creation in the POS when possible. For that reason, Aspenware created a customer matching feature. When a guest creates a new user account, they will be prompted to complete their profile, which creates a customer record in the POS. When the provided information matches an existing customer in the POS, we send them through a matching process in order to prevent creation of a duplicate customer. Aspenware will endeavor to prevent a duplicate and will attempt to match on the following information (all must match):

  • Email (In RTP, this is an email profile)

  • First

  • Last

  • Date of birth

If the customer matched to only one (1) customer in the POS, Aspenware will send an email to the customer for them to verify that they are the owner of that email. Once verified, the customer will then be matched. The new Auth0 user account will be associated to the customer record found in the POS, and they can then sign in and purchase products on the resort commerce site.

If the customer matched to multiple customers in the point of sale, the guest is presented with the resort’s phone number so they can call for help. At this point, Aspenware systems don’t know which customer to match to and will leave it up to the call center to make the determination with the customer.

The resort maintains responsibility over what to do when a guest matches to multiple customers. In order to address this issue, when the resort receives the call from the customer, one option is to merge those customers in the POS and then direct the guest to enter the credentials they previously created when attempting to create an account the first time. From there, the guest will receive the ‘account already exists’ message and be required to verify their email before logging in successfully.
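The matching outcomes described in this section, sketched as an added example (not Aspenware's code). Field names, customer ids and the trim/case-fold normalisation are assumptions; the point is that an attribute match alone never links an account.

```javascript
// Added example, not Aspenware's code. Field names, ids and the
// normalisation rules (trim + case-fold) are assumptions.
const norm = (v) => String(v ?? "").trim().toLowerCase();
const MATCH_FIELDS = ["email", "firstName", "lastName", "dateOfBirth"];

// A POS customer matches only if all four attributes are present and equal.
function isMatch(profile, posCustomer) {
  return MATCH_FIELDS.every((field) => {
    const value = norm(profile[field]);
    return value !== "" && value === norm(posCustomer[field]); // empty never matches empty
  });
}

function decideMatch(profile, posCustomers) {
  const matches = posCustomers.filter((c) => isMatch(profile, c));
  if (matches.length === 0) return { action: "create_customer" };
  if (matches.length === 1) {
    // Knowing name, email and date of birth is not proof of ownership:
    // link only after the emailed code has been verified.
    return { action: "verify_email_then_link", customerId: matches[0].id };
  }
  // Ambiguous match: no automatic link, and no candidate ids are returned.
  return { action: "call_resort" };
}

// Constructed sample POS records (dates as ISO yyyy-mm-dd strings).
const samplePosCustomers = [
  { id: "C1", email: "Pat@Example.com", firstName: "Pat", lastName: "Lee", dateOfBirth: "1990-04-02" },
  { id: "C2", email: "sam@example.com", firstName: "Sam", lastName: "Ray", dateOfBirth: "1985-11-30" },
  { id: "C3", email: "sam@example.com", firstName: "Sam", lastName: "Ray", dateOfBirth: "1985-11-30" },
  { id: "C4", email: "", firstName: "Kim", lastName: "Oh", dateOfBirth: "2001-01-01" },
];

const newGuest = { email: " pat@example.com", firstName: "pat", lastName: "LEE", dateOfBirth: "1990-04-02" };
console.log(decideMatch(newGuest, samplePosCustomers));
```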

Email Verification

Anytime verification is required (e.g. account linking or customer matching), the customer will receive an email with a code so they can verify as a second ‘factor.’ The email will look similar to the example below.

SMTP

Email verifications will be sent from Auth0 using an SMTP provider.

Supported SMTP Providers: Sendgrid (Recommended), Mailgun, Mandrill, Amazon SES, Microsoft 365, Sparkpost, and Azure.

It is strongly recommended that the resort utilize an SMTP provider and have a dedicated IP address for transactional emails. This will significantly increase the likelihood of guests receiving emails for any verification needs.

Merged Customers

Some points of sale, like RTP|One, have the concept of merging customers. Whenever customers are merged in the point of sale (i.e. RTP|One), Aspenware’s platform will associate the user to the merged customer record. If two customers are merged in the point of sale that have different user accounts in Auth0 (i.e. a different authentication profile in RTP|One), the user is associated with the customer record containing their credentials.

Guest Checkout

Guest checkout is supported out of the box with Identity v3 (Powered by Auth0). When a customer is purchasing a product that doesn’t require authentication, they will be presented with the option to log in if the email has been recognized as a previous account. If selected, they will be routed to the Identity v3 (Powered by Auth0) login screen to authenticate.

Pass Media Account Lookup (Forgot Email)

Some guests may have forgotten which email they used to sign up originally. If enabled, resorts can allow a guest to look up their email by inputting their pass number, as seen below. To enable this function, Aspenware will set the settings "passMediaLookupEnabled": true and "customerIdLookupEnabled": true. Once the user selects ‘Lookup email by pass number,’ they will be directed to another page to input their pass number, seen below.

Create Account with Pass

Though supported in Identity v2, creating an account with a pass in Identity v3 is much more intuitive and obvious. The benefit of signing up with a pass is that the guest will be able to potentially link new purchases to their existing pass.

First, the guest inputs their pass number. Aspenware first checks whether an account already exists for the guest, and then checks whether the guest has an email profile so we can verify their ownership of the pass itself.

If no account exists and there is an email profile on their customer profile in RTP|One, Aspenware will verify the guest's identity by sending an email ‘invite.’ The guest will verify their account by accepting the invite and adding a password to their account. From there, they only have to add their customer profile information and they’re done signing up.

If the guest already has an account, they will be redirected to sign-in if it’s been determined that an email exists in the auth profile in RTP|One for that pass.

If the guest enters a valid pass number but the customer associated with the pass doesn’t have an email, they cannot verify they own the pass and hence, Aspenware will prevent them from signing up with that pass. This is to prevent individuals who may have picked up this pass off the ground, or obtained it through other means, from creating an account with someone else's pass. These individuals will be asked to call the resort for assistance.
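The order of checks in the sign-up-with-pass flow, as an added example (not Aspenware's code). The record fields and action names are assumptions; the event labels are the ones listed in the Google Analytics table on this page.

```javascript
// Added example, not Aspenware's code. Record fields and action names are
// assumptions; event labels are taken from this page's analytics table.
function decidePassSignup(passNumber, customersByPass) {
  const customer = customersByPass.get(String(passNumber).trim());
  if (!customer) {
    return { action: "reject", event: "error_incorrectnumber" };
  }
  // Check 1: an email in the auth profile means an account already exists.
  if (customer.authProfileEmail) {
    return { action: "redirect_to_sign_in", event: "error_accountexists" };
  }
  // Check 2: with no email on file there is no channel to prove ownership,
  // so possession of the pass number alone never creates an account.
  if (!customer.emailProfile) {
    return { action: "call_resort", event: "error_noemail" };
  }
  // The invite goes to the email on file; accepting it proves control of that mailbox.
  return { action: "send_invite", to: customer.emailProfile, event: "signupwithpass_invitesent" };
}

// Constructed sample data keyed by pass number.
const sampleCustomersByPass = new Map([
  ["1001", { emailProfile: "pat@example.com", authProfileEmail: null }],
  ["1002", { emailProfile: "sam@example.com", authProfileEmail: "sam@example.com" }],
  ["1003", { emailProfile: null, authProfileEmail: null }], // e.g. a pass found on the ground
]);

for (const pass of ["1001", "1002", "1003", "9999"]) {
  console.log(pass, decidePassSignup(pass, sampleCustomersByPass));
}
```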

Bot Detection

Bot detection and brute-force attack prevention are out-of-the-box functionality that Aspenware will enable for partner resorts. For any suspicious IP addresses, Auth0 will present a ‘challenge’ to the user to check a box confirming that they are indeed human.

Single Sign-On

Single Sign-On, or SSO, is enabled with Aspenware. In the instance of a Resort Group with multiple resorts, a single guest can create credentials at one resort and use those same credentials across all related resorts, as long as the tenant is set up to do so.

Multi-Store SSO

Identity v3 will allow resort groups that utilize a shared Commerce instance to host multiple stores. This applies to various configurations:

  • Themes are applied per store

  • GTM IDs are applied per store

  • Logins are applied per store

Rewards

The rewards module in RTP|One is connected to Aspenware Identity v3. If a resort wants to enable a rewards program and enroll guests, an enrollment checkbox will appear on the create customer profile screen. This will then communicate directly with RTP and create an enrollment status of ‘true’ in the module. Please note that the resort must set up their own Rewards module in RTP before Aspenware would enable this feature on the sign-up flow.

Google Analytics

We will track the following Google Analytics events based on the page location and user action indicated.

| Title | Description | Location | Type (Page/Event) |
| --- | --- | --- | --- |
| Sign-in Page | When a customer views the sign in page | Auth0 | Page View |
| Forgot password page | Customer views ‘forgot password’ page | Auth0 | Page View |
| forgot_password_select | Customer selected ‘forgot password’ | Auth0 | Event |
| forgot_password_submitted | Customer sent email to themselves to reset password | Auth0 | Event |
| signin_attempt | Customer selects ‘continue’ from sign in | Auth0 | Event |
| signin_error | Customer experiences a sign in error, such as password didn’t match, account exists, etc. | Auth0 | Event |
| successful_login | Customer has been authenticated and directed to shop successfully | AW Cloud UI & Commerce | Event |
| signup_selection | Customer selects ‘sign up’ in Auth0 | Auth0 | Event |
| Sign-up Page | Customer views sign up page | Auth0 | Page View |
| signup_attempt | Customer selects ‘continue’ after inputting email/password when creating a new account | Auth0 | Event |
| signup_success | Customer is successful in creating a new account in Auth0 | Auth0 | Event |
| auth0_account_error | Error occurred during sign up in Auth0, such as email in use or API error | Auth0 | Event |
| Customer profile page | Customer views create customer profile page | AW Cloud UI | Page View |
| customer_match | Customer submits create profile and is matched to an existing customer in RTP (1 or many) | AW Cloud UI | Event |
| Customer match (1) page | Customer views ‘verification needed’ page after match | AW Cloud UI | Page View |
| Customer match (many) page | Customer views ‘call resort’ after being matched to multiple customers in RTP | AW Cloud UI | Page View |
| create_profile | Customer is successful in creating a new customer | AW Cloud UI | Event |
| Update_Customer_Profile_Error | Customer experienced an error creating a new customer | AW Cloud UI | Event |
| account_lookup | Customer selects ‘look up account with pass’ | Auth0 | Event |
| account_found | Customer inputs a valid pass and an account is found | Auth0 | Event |
| account_notfound | Customer inputs an invalid pass or no account is found | Auth0 | Event |
| signupwithpass_invitesent | Customer inputs correct pass, has email on file, and has no auth profile | Auth0 | Event |
| Property: error_accountexists | Customer inputs a valid pass but account exists | Auth0 | Event |
| Property: error_incorrectnumber | Customer inputs an invalid pass number and nothing is found | Auth0 | Event |
| error_noemail | Customer inputs a valid pass but no email profile exists to verify | Auth0 | Event |
| Add password | When a guest lands on the add password screen | | Page View |

Monitoring & Alerting

Aspenware has set up performance monitoring through Application Insights. Internal teams at Aspenware will be alerted if there are any performance degradations (e.g. 10 sign-in failures within 5 minutes). Aspenware will assess performance on a regular basis to determine trends and consult with Auth0 to determine continual improvements in the system to ensure the delivery of optimal performance for resort partners.
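The example threshold above (10 sign-in failures within 5 minutes) written as a sliding-window check, as an added example that is not Aspenware's Application Insights configuration. The event shape and the constructed sample data are assumptions; `signin_error` is the event name from the analytics table.

```javascript
// Added example, not Aspenware's alert rule. Event shape ({ ts, name }) is an
// assumption; "signin_error" is the event name from this page's table.
function findFailureBursts(events, { threshold = 10, windowMs = 5 * 60 * 1000 } = {}) {
  const times = events
    .filter((e) => e.name === "signin_error")
    .map((e) => Date.parse(e.ts))
    .sort((a, b) => a - b);

  const alerts = [];
  let start = 0;
  let lastAlertEnd = -Infinity;
  for (let end = 0; end < times.length; end++) {
    // Shrink the window until it spans at most windowMs.
    while (times[end] - times[start] > windowMs) start++;
    const count = end - start + 1;
    // Alert once per burst: re-arm only when the window has moved fully
    // past the previous alert, so one incident does not page repeatedly.
    if (count >= threshold && times[start] > lastAlertEnd) {
      alerts.push({
        from: new Date(times[start]).toISOString(),
        to: new Date(times[end]).toISOString(),
        count,
      });
      lastAlertEnd = times[end];
    }
  }
  return alerts;
}

// Constructed sample events: a burst of 10 failures in 3 minutes, then
// 9 failures an hour later (below threshold), plus one successful login.
const t0 = Date.parse("2024-01-01T10:00:00Z");
const sampleEvents = [];
for (let i = 0; i < 10; i++) {
  sampleEvents.push({ ts: new Date(t0 + i * 20000).toISOString(), name: "signin_error" });
}
for (let i = 0; i < 9; i++) {
  sampleEvents.push({ ts: new Date(t0 + 3600000 + i * 40000).toISOString(), name: "signin_error" });
}
sampleEvents.push({ ts: new Date(t0 + 60000).toISOString(), name: "successful_login" });

console.log(findFailureBursts(sampleEvents));
```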

How will we alert the resort?

Aspenware will notify the resort if there are any significant performance issues affecting Identity v3.

  • During office hours

    • Service representative to notify resort after being notified via Slack.

  • After office hours

    • On-call representative will notify resort after being notified via Slack.

3rd Party Applications

All existing (and new) 3rd party applications from Identity v2 may be added to Identity v3. There are additional requirements and collaboration required between the resort and Aspenware to set up, as listed below:

Steps for Onboarding 3rd Party Applications

  1. Resort completes the application section on the onboarding form and sends to Aspenware.

    1. Application Description

    2. Application type

    3. Callback URL

    4. Logout URL

    5. withScheme

  2. Aspenware sets up Auth0 applications for the Resort 3rd party application.

  3. Aspenware will provide resort with connection name and scope to put in their application(s) code-base.

  4. Resort Dev team to set up application using Auth0 guidelines

  5. Resort Dev team to test

The documentation for setup can be found at /wiki/spaces/PLA/pages/3188031491.

Theming

Aspenware will theme the resort Auth0 pages based on the criteria submitted via Theme Designer. If the resort is a current Aspenware customer, most of the information can be utilized from Identity v2, but some new information will be required.

Theming the Auth0 pages will be part of the resort implementation process. All requests will go through the Aspenware Team and they will be responsible for setting up the initial theme on the resort Identity v3 pages once the tenant is set up.

Other Considerations

Currently, the following functions are not supported with Identity v3 (Powered by Auth0):

  • RFID Account Lookup

  • Usernames

  • Rewards

  • Siriusware Integration

Guests will continue to see the Identity v2 page when using Arrival or 3rd party applications. All credentials will be validated and stored in RTP|One until a future release.

Aspenware will provide documentation and consultation if/when resorts wish to migrate their applications to using Identity v3 (Powered by Auth0). Please contact your Aspenware Service Agent for more information.

Have Questions?

Check out our Frequently Asked Questions page or contact your Aspenware Service Agent.